Learn About Us

WindowsSCOPE is a brand and division within BlueRISC developing cyber forensics and cyber crime investigation supporting tools and technologies. Founded in 2002, BlueRISC invents cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

In this screenshot, the example snapshot ‘Before Installing Antivirus’ is selected. The view is Memory View → Summary of System Activity → Open Files, which shows the open files for the current snapshot only. To compare this list with the list from another snapshot, check the boxes for the snapshots to be compared in the bottom panel and click ‘Compare’. Only two snapshots can be compared at a time.

After clicking ‘Compare’, a prompt asks for the ‘Start Row Number’ and ‘Comparison Length’ for each snapshot. These tell the Compare Tool where in the list to start comparing and how far to continue. By default, it starts at the first entry and continues to the end of the table. Once the desired settings are chosen, click ‘Compare’.

The two lists are now shown side by side, with the earlier snapshot on the right and the newer one on the left. An entry highlighted in red is found in the newer snapshot but not in the older one. An entry highlighted in green is found in the older snapshot but not in the newer one. An entry highlighted in blue is found in both, but has been modified in some way. White is the default color for entries that are unchanged.

In the above example, after installing the AVG anti-virus, several new files belonging to the AVG directory are found to be open (highlighted in red). For ease of use, each snapshot panel can be maximized to the full WindowsSCOPE window by pressing the ‘Maximize’ button directly above each scroll bar. The newly opened files that WindowsSCOPE detected appear to be related to AVG’s real-time protection. WindowsSCOPE could similarly be used to inspect suspicious software.
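The comparison described above (a start row and comparison length per snapshot, then red/green/blue/white classification) can be sketched as follows. This is an added example, not WindowsSCOPE code: the `OpenFile` fields, matching entries by case-insensitive path, and treating a changed owning process as "modified" are assumptions, and the sample rows are constructed.

```python
from typing import NamedTuple

class OpenFile(NamedTuple):
    path: str      # key used to match an entry across snapshots (assumption)
    process: str   # attribute checked to decide "modified" (assumption)

def window(rows, start_row=1, length=None):
    """Apply 'Start Row Number' (1-based) and 'Comparison Length' to one table."""
    if start_row < 1:
        raise ValueError("start_row is 1-based")
    begin = start_row - 1
    end = None if length is None else begin + length
    return rows[begin:end]  # default: first entry through end of table

def compare(older, newer, older_window=(1, None), newer_window=(1, None)):
    """Return {lowercased path: colour} using the colour scheme described above."""
    # Windows paths are case-insensitive, so normalise the match key.
    old = {r.path.lower(): r for r in window(older, *older_window)}
    new = {r.path.lower(): r for r in window(newer, *newer_window)}
    result = {}
    for key in sorted(old.keys() | new.keys()):
        if key not in old:
            result[key] = "red"    # only in the newer snapshot
        elif key not in new:
            result[key] = "green"  # only in the older snapshot
        elif old[key][1:] != new[key][1:]:
            result[key] = "blue"   # in both, but modified
        else:
            result[key] = "white"  # unchanged
    return result

def newly_opened(result):
    """Entries worth reviewing first: files open only in the newer snapshot."""
    return [path for path, colour in result.items() if colour == "red"]

# Constructed sample snapshots (file and process names are placeholders).
BEFORE = [
    OpenFile(r"C:\Windows\System32\ntdll.dll", "explorer.exe"),
    OpenFile(r"C:\Users\demo\notes.txt", "notepad.exe"),
    OpenFile(r"C:\Windows\Temp\setup.log", "installer.exe"),
]
AFTER = [
    OpenFile(r"C:\Windows\System32\ntdll.dll", "explorer.exe"),
    OpenFile(r"C:\Users\demo\notes.txt", "wordpad.exe"),
    OpenFile(r"C:\Program Files\AVG\example_rt.dll", "example_avg_service.exe"),
]

if __name__ == "__main__":
    for path, colour in compare(BEFORE, AFTER).items():
        print(f"{colour:5}  {path}")
```

Narrowing either window changes which rows count as missing, so a file outside the compared range shows up as red or green even though it is open in both snapshots.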